1. Field
Embodiments of the present invention generally relate to the field of load balancing in a computer network. In particular, various embodiments relate to a method and system for balancing load by a session aware switching device.
2. Description of the Related Art
Communication is the exchange of information between two people and/or entities. Many aspects of life that involve communication have been greatly affected by the Internet. The Internet includes many network nodes that are linked together such that information may be transferred among them. Examples of network nodes include routers that propagate a packet from one link to another.
Packets arriving at a network node are distributed to other nodes in a private network. A private network maybe formed from a set of servers that are each capable of working on the packets that arrive at the private network. Such networks may receive many packets in a short time frame. All the packets that enter or leave a private network have to pass through a firewall. Firewalls restrict unauthorized Internet users from accessing the private networks connected to the Internet. In order to reduce the rejection or loss of the arriving packets, the private network may rely on multiple servers/firewalls that can work on the arriving packets simultaneously. The arriving packets hence can be distributed among different firewalls to compensate for their rapid arrival. This distribution of packets among different firewalls is known as load balancing.
Devices that perform load balancing among the firewalls use hardware and software. The software usually operates to setup or tear down traffic flows, whereas the hardware accelerates the delivery of the traffic. One such device is a network switch that can balance load among multiple firewall systems. For example, a network switch may use a load balancing configuration for different firewalls; however, the network topology in such a configuration provides multiple return paths to the client and hence cannot ensure that the server responses will return through the same path. Additional limitations of existing load balancing systems include (i) lack of granularity, which results in imprecise control over the service quality; (ii) limited processing capabilities; and (iii) vulnerability to malicious attacks, such as a Denial of Service (DoS) attack.